thac0/vim
1
0
Fork 0
forked from aniani/vim
Code Activity

updated for version 7.4.624

Browse Source 
Problem:    May leak memory or crash when vim_realloc() returns NULL.
Solution:   Handle a NULL value properly. (Mike Williams)
This commit is contained in:
Bram Moolenaar
2015-02-10 18:34:01 +01:00
parent a1d2c58985
commit 9abd5c6507
5 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/if_cscope.c
View File

@@ -1507,9 +1507,16 @@ cs_insert_filelist(fname, ppath, flags, sb)
} }
else else
{ {
csinfo_T *t_csinfo = csinfo;
/* Reallocate space for more connections. */ /* Reallocate space for more connections. */
csinfo_size *= 2; csinfo_size *= 2;
csinfo = vim_realloc(csinfo, sizeof(csinfo_T)*csinfo_size); csinfo = vim_realloc(csinfo, sizeof(csinfo_T)*csinfo_size);
if (csinfo == NULL)
{
vim_free(t_csinfo);
csinfo_size = 0;
}
} }
if (csinfo == NULL) if (csinfo == NULL)
return -1; return -1;
@@ -2059,6 +2066,7 @@ cs_print_tags_priv(matches, cntxts, num_matches)
int num_matches; int num_matches;
{ {
char *buf = NULL; char *buf = NULL;
char *t_buf;
int bufsize = 0; /* Track available bufsize */ int bufsize = 0; /* Track available bufsize */
int newsize = 0; int newsize = 0;
char *ptag; char *ptag;
@@ -2120,9 +2128,13 @@ cs_print_tags_priv(matches, cntxts, num_matches)
newsize = (int)(strlen(csfmt_str) + 16 + strlen(lno)); newsize = (int)(strlen(csfmt_str) + 16 + strlen(lno));
if (bufsize < newsize) if (bufsize < newsize)
{ {
t_buf = buf;
buf = (char *)vim_realloc(buf, newsize); buf = (char *)vim_realloc(buf, newsize);
if (buf == NULL) if (buf == NULL)
{
bufsize = 0; bufsize = 0;
vim_free(t_buf);
}
else else
bufsize = newsize; bufsize = newsize;
} }
@@ -2143,9 +2155,13 @@ cs_print_tags_priv(matches, cntxts, num_matches)
if (bufsize < newsize) if (bufsize < newsize)
{ {
t_buf = buf;
buf = (char *)vim_realloc(buf, newsize); buf = (char *)vim_realloc(buf, newsize);
if (buf == NULL) if (buf == NULL)
{
bufsize = 0; bufsize = 0;
vim_free(t_buf);
}
else else
bufsize = newsize; bufsize = newsize;
} }

3
src/memline.c
View File

@@ -5057,6 +5057,8 @@ ml_updatechunk(buf, line, len, updtype)
/* May resize here so we don't have to do it in both cases below */ /* May resize here so we don't have to do it in both cases below */
if (buf->b_ml.ml_usedchunks + 1 >= buf->b_ml.ml_numchunks) if (buf->b_ml.ml_usedchunks + 1 >= buf->b_ml.ml_numchunks)
{ {
chunksize_T *t_chunksize = buf->b_ml.ml_chunksize;
buf->b_ml.ml_numchunks = buf->b_ml.ml_numchunks * 3 / 2; buf->b_ml.ml_numchunks = buf->b_ml.ml_numchunks * 3 / 2;
buf->b_ml.ml_chunksize = (chunksize_T *) buf->b_ml.ml_chunksize = (chunksize_T *)
vim_realloc(buf->b_ml.ml_chunksize, vim_realloc(buf->b_ml.ml_chunksize,
@@ -5064,6 +5066,7 @@ ml_updatechunk(buf, line, len, updtype)
if (buf->b_ml.ml_chunksize == NULL) if (buf->b_ml.ml_chunksize == NULL)
{ {
/* Hmmmm, Give up on offset for this buffer */ /* Hmmmm, Give up on offset for this buffer */
vim_free(t_chunksize);
buf->b_ml.ml_usedchunks = -1; buf->b_ml.ml_usedchunks = -1;
return; return;
} }

4
src/misc1.c
View File

@@ -3431,10 +3431,14 @@ get_keystroke()
buf = alloc(buflen); buf = alloc(buflen);
else if (maxlen < 10) else if (maxlen < 10)
{ {
char_u *t_buf = buf;
/* Need some more space. This might happen when receiving a long /* Need some more space. This might happen when receiving a long
* escape sequence. */ * escape sequence. */
buflen += 100; buflen += 100;
buf = vim_realloc(buf, buflen); buf = vim_realloc(buf, buflen);
if (buf == NULL)
vim_free(t_buf);
maxlen = (buflen - 6 - len) / 3; maxlen = (buflen - 6 - len) / 3;
} }
if (buf == NULL) if (buf == NULL)

22
src/netbeans.c
View File

@@ -1080,10 +1080,18 @@ nb_get_buf(int bufno)
{ {
if (bufno >= buf_list_size) /* grow list */ if (bufno >= buf_list_size) /* grow list */
{ {
nbbuf_T *t_buf_list = buf_list;
incr = bufno - buf_list_size + 90; incr = bufno - buf_list_size + 90;
buf_list_size += incr; buf_list_size += incr;
buf_list = (nbbuf_T *)vim_realloc( buf_list = (nbbuf_T *)vim_realloc(
buf_list, buf_list_size * sizeof(nbbuf_T)); buf_list, buf_list_size * sizeof(nbbuf_T));
if (buf_list == NULL)
{
vim_free(t_buf_list);
buf_list_size = 0;
return NULL;
}
vim_memset(buf_list + buf_list_size - incr, 0, vim_memset(buf_list + buf_list_size - incr, 0,
incr * sizeof(nbbuf_T)); incr * sizeof(nbbuf_T));
} }
@@ -3678,11 +3686,18 @@ addsigntype(
{ {
int incr; int incr;
int oldlen = globalsignmaplen; int oldlen = globalsignmaplen;
char **t_globalsignmap = globalsignmap;
globalsignmaplen *= 2; globalsignmaplen *= 2;
incr = globalsignmaplen - oldlen; incr = globalsignmaplen - oldlen;
globalsignmap = (char **)vim_realloc(globalsignmap, globalsignmap = (char **)vim_realloc(globalsignmap,
globalsignmaplen * sizeof(char *)); globalsignmaplen * sizeof(char *));
if (globalsignmap == NULL)
{
vim_free(t_globalsignmap);
globalsignmaplen = 0;
return;
}
vim_memset(globalsignmap + oldlen, 0, incr * sizeof(char *)); vim_memset(globalsignmap + oldlen, 0, incr * sizeof(char *));
} }
} }
@@ -3708,11 +3723,18 @@ addsigntype(
{ {
int incr; int incr;
int oldlen = buf->signmaplen; int oldlen = buf->signmaplen;
int *t_signmap = buf->signmap;
buf->signmaplen *= 2; buf->signmaplen *= 2;
incr = buf->signmaplen - oldlen; incr = buf->signmaplen - oldlen;
buf->signmap = (int *)vim_realloc(buf->signmap, buf->signmap = (int *)vim_realloc(buf->signmap,
buf->signmaplen * sizeof(int)); buf->signmaplen * sizeof(int));
if (buf->signmap == NULL)
{
vim_free(t_signmap);
buf->signmaplen = 0;
return;
}
vim_memset(buf->signmap + oldlen, 0, incr * sizeof(int)); vim_memset(buf->signmap + oldlen, 0, incr * sizeof(int));
} }
} }

2
src/version.c
View File

@@ -741,6 +741,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
624,
/**/ /**/
623, 623,
/**/ /**/